6 matches found
ai.h2o:sparkling-water-api-generation_2.11 (>=3.34.0.3-1-2.2 <=3.46.0.1-1-2.4), ai.h2o:sparkling-water-api-generation_2.12 (>=3.34.0.3-1-3.0 <=3.46.0.1-1-3.5) +9 more potentially affected by CVE-2024-10572 via ai.h2o:h2o-ext-xgboost (>=3.34.0.1 <=3.46.0.1)
ai.h2o:h2o-ext-xgboost MAVEN version =3.34.0.1, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.1-1-2.2, =3.34.0.1-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =2.0.0, =2.1.1 Source cves: CVE-2024-10572 Source advisory:...
CVE-2024-10572
In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...
CVE-2024-10572 Denial of Service and Arbitrary File Write in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...
CVE-2024-10572 Denial of Service and Arbitrary File Write in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...
CVE-2024-10572 Denial of Service and Arbitrary File Write in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...
CVE-2024-10572
CVE-2024-10572 affects h2oai/h2o-3 (v3.46.0.1). The vulnerability arises because the run_tool feature exposes classes in the water.tools package via the AST parser, enabling the XGBoostLibExtractTool . This can be exploited to shut down the server and write large files to arbitrary directories, r...